[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-5267":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":67,"aliases":85,"duplicate_of":9,"upstream":86,"downstream":87,"duplicates":114,"related":115,"reserved_at":9,"published_at":125,"modified_at":126,"state":127,"summary":128,"references_raw":136,"kevs":170,"epss":171,"epss_history":174,"metrics":428,"affected":444},"CVE-2020-5267","In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.",null,[11,44],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],{"_key":45,"id":45,"name":46,"description":47,"type":15,"status":48,"abstraction":49,"likelihood_of_exploit":18,"capec":50},"CWE-80","Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as \"\u003C\", \">\", and \"&\" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.","Incomplete","Variant",[51,55,59,63],{"id":52,"name":53,"techniques":54},"CAPEC-18","XSS Targeting Non-Script Elements",[],{"id":56,"name":57,"techniques":58},"CAPEC-193","PHP Remote File Inclusion",[],{"id":60,"name":61,"techniques":62},"CAPEC-32","XSS Through HTTP Query Strings",[],{"id":64,"name":65,"techniques":66},"CAPEC-86","XSS Through HTTP Headers",[],[68,77],{"_key":69,"name":70,"source":71,"url":72,"maturity":73,"reliability_score":74,"verified":75,"type":9,"platforms":76,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_RAILS_RAILS","Rails","github","https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv","poc",0.3,false,[],{"_key":78,"name":79,"source":80,"url":81,"maturity":82,"reliability_score":83,"verified":75,"type":9,"platforms":84,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_3B0E67835D7A02B3","Exploit Reference (openwall.com)","reference","http://www.openwall.com/lists/oss-security/2020/03/19/1","unknown",0.2,[],[],[],[88,90,92,94,96,98,100,102,104,106,108,110,112],{"_key":89},"UBUNTU-CVE-2020-5267",{"_key":91},"SUSE-SU-2020:0954-1",{"_key":93},"SUSE-SU-2020:1178-1",{"_key":95},"SUSE-SU-2020:3036-1",{"_key":97},"SUSE-SU-2020:3147-1",{"_key":99},"SUSE-SU-2020:3160-1",{"_key":101},"OPENSUSE-SU-2020:0627-1",{"_key":103},"OPENSUSE-SU-2020:1993-1",{"_key":105},"OPENSUSE-SU-2020:2000-1",{"_key":107},"OPENSUSE-SU-2024:11823-1",{"_key":109},"DLA-2149-1",{"_key":111},"DEBIAN-CVE-2020-5267",{"_key":113},"RHSA-2020:4366",[],[116,117,118,119,120,121,122,123,124],{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":103},{"_key":105},{"_key":107},"2020-03-19T17:30:16.000Z","2024-08-04T08:22:09.079Z","Modified",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":129,"epss_score":130,"severity":131,"severity_score":132,"severity_version":133,"severity_source":134,"severity_vector":135,"severity_status":127},"low",0.00887,"medium",4.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",[137,145,150,155,159,165],{"url":72,"sources":138,"tags":140},[139,134],"cve.org",[141,142,143,144],"X Refsource CONFIRM","Exploit","Patch","Third Party Advisory",{"url":146,"sources":147,"tags":148},"https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a",[139,134],[149,143,144],"X Refsource MISC",{"url":81,"sources":151,"tags":152},[139,134],[153,154,142,143,144],"Mailing List","X Refsource MLIST",{"url":156,"sources":157,"tags":158},"https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html",[139,134],[153,154,144],{"url":160,"sources":161,"tags":162},"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html",[139,134],[163,164,153,144],"Vendor Advisory","X Refsource SUSE",{"url":166,"sources":167,"tags":168},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/",[139,134],[163,169],"X Refsource FEDORA",[],{"date":172,"score":130,"percentile":173},"2026-06-04",0.75839,[175,178,181,183,186,189,192,195,198,201,204,207,210,212,215,219,222,225,228,231,234,236,238,241,243,246,249,251,255,258,261,263,265,268,270,273,276,279,282,285,288,291,293,296,299,302,305,308,311,313,316,318,321,324,327,329,332,335,338,341,344,346,349,352,355,358,361,364,366,369,372,375,378,381,384,387,390,392,394,397,400,403,406,409,412,414,417,420,423,425],{"date":176,"score":130,"percentile":177},"2025-11-04",0.74723,{"date":179,"score":130,"percentile":180},"2025-11-05",0.74714,{"date":182,"score":130,"percentile":180},"2025-11-06",{"date":184,"score":130,"percentile":185},"2025-11-07",0.7473,{"date":187,"score":130,"percentile":188},"2025-11-08",0.74729,{"date":190,"score":130,"percentile":191},"2025-11-09",0.74724,{"date":193,"score":130,"percentile":194},"2025-11-10",0.74712,{"date":196,"score":130,"percentile":197},"2025-11-11",0.74713,{"date":199,"score":130,"percentile":200},"2025-11-12",0.74733,{"date":202,"score":130,"percentile":203},"2025-11-13",0.7474,{"date":205,"score":130,"percentile":206},"2025-11-14",0.74745,{"date":208,"score":130,"percentile":209},"2025-11-15",0.74742,{"date":211,"score":130,"percentile":209},"2025-11-16",{"date":213,"score":130,"percentile":214},"2025-11-17",0.74732,{"date":216,"score":217,"percentile":218},"2025-11-18",0.00641,0.68183,{"date":220,"score":217,"percentile":221},"2025-11-19",0.68191,{"date":223,"score":217,"percentile":224},"2025-11-20",0.68186,{"date":226,"score":130,"percentile":227},"2025-11-21",0.74758,{"date":229,"score":130,"percentile":230},"2025-11-22",0.74751,{"date":232,"score":130,"percentile":233},"2025-11-23",0.74738,{"date":235,"score":130,"percentile":214},"2025-11-24",{"date":237,"score":130,"percentile":214},"2025-11-25",{"date":239,"score":130,"percentile":240},"2025-11-26",0.74739,{"date":242,"score":130,"percentile":203},"2025-11-27",{"date":244,"score":130,"percentile":245},"2025-11-28",0.74728,{"date":247,"score":130,"percentile":248},"2025-11-29",0.74727,{"date":250,"score":130,"percentile":248},"2025-11-30",{"date":252,"score":253,"percentile":254},"2025-12-01",0.00888,0.74878,{"date":256,"score":253,"percentile":257},"2025-12-02",0.74885,{"date":259,"score":253,"percentile":260},"2025-12-03",0.74875,{"date":262,"score":130,"percentile":177},"2025-12-04",{"date":264,"score":130,"percentile":200},"2025-12-05",{"date":266,"score":130,"percentile":267},"2025-12-06",0.74736,{"date":269,"score":130,"percentile":200},"2025-12-07",{"date":271,"score":130,"percentile":272},"2025-12-08",0.74737,{"date":274,"score":130,"percentile":275},"2025-12-09",0.74768,{"date":277,"score":130,"percentile":278},"2025-12-10",0.74793,{"date":280,"score":130,"percentile":281},"2025-12-11",0.74809,{"date":283,"score":130,"percentile":284},"2025-12-12",0.74832,{"date":286,"score":130,"percentile":287},"2025-12-13",0.7484,{"date":289,"score":130,"percentile":290},"2025-12-14",0.74837,{"date":292,"score":130,"percentile":287},"2025-12-15",{"date":294,"score":130,"percentile":295},"2025-12-16",0.74852,{"date":297,"score":130,"percentile":298},"2025-12-17",0.74862,{"date":300,"score":130,"percentile":301},"2025-12-18",0.74884,{"date":303,"score":130,"percentile":304},"2025-12-19",0.74901,{"date":306,"score":130,"percentile":307},"2025-12-20",0.74896,{"date":309,"score":130,"percentile":310},"2025-12-21",0.7489,{"date":312,"score":130,"percentile":310},"2025-12-22",{"date":314,"score":130,"percentile":315},"2025-12-23",0.74886,{"date":317,"score":130,"percentile":307},"2025-12-24",{"date":319,"score":130,"percentile":320},"2025-12-25",0.74922,{"date":322,"score":130,"percentile":323},"2025-12-26",0.7492,{"date":325,"score":130,"percentile":326},"2025-12-27",0.74968,{"date":328,"score":130,"percentile":304},"2025-12-28",{"date":330,"score":130,"percentile":331},"2025-12-29",0.74898,{"date":333,"score":130,"percentile":334},"2025-12-30",0.74913,{"date":336,"score":130,"percentile":337},"2025-12-31",0.74933,{"date":339,"score":253,"percentile":340},"2026-01-01",0.75097,{"date":342,"score":253,"percentile":343},"2026-01-02",0.751,{"date":345,"score":253,"percentile":343},"2026-01-03",{"date":347,"score":130,"percentile":348},"2026-01-04",0.74943,{"date":350,"score":130,"percentile":351},"2026-01-05",0.74937,{"date":353,"score":130,"percentile":354},"2026-01-06",0.7495,{"date":356,"score":130,"percentile":357},"2026-01-07",0.74959,{"date":359,"score":130,"percentile":360},"2026-01-08",0.74973,{"date":362,"score":130,"percentile":363},"2026-01-09",0.74977,{"date":365,"score":130,"percentile":363},"2026-01-10",{"date":367,"score":130,"percentile":368},"2026-01-11",0.74965,{"date":370,"score":130,"percentile":371},"2026-01-12",0.74952,{"date":373,"score":130,"percentile":374},"2026-01-13",0.74951,{"date":376,"score":130,"percentile":377},"2026-01-14",0.74978,{"date":379,"score":130,"percentile":380},"2026-01-15",0.74986,{"date":382,"score":130,"percentile":383},"2026-01-16",0.75001,{"date":385,"score":130,"percentile":386},"2026-01-17",0.74998,{"date":388,"score":130,"percentile":389},"2026-01-18",0.74982,{"date":391,"score":130,"percentile":360},"2026-01-19",{"date":393,"score":130,"percentile":363},"2026-01-20",{"date":395,"score":130,"percentile":396},"2026-01-21",0.74983,{"date":398,"score":130,"percentile":399},"2026-01-22",0.74987,{"date":401,"score":130,"percentile":402},"2026-01-23",0.75014,{"date":404,"score":130,"percentile":405},"2026-01-24",0.75022,{"date":407,"score":130,"percentile":408},"2026-01-25",0.75007,{"date":410,"score":130,"percentile":411},"2026-01-26",0.75005,{"date":413,"score":130,"percentile":402},"2026-01-27",{"date":415,"score":130,"percentile":416},"2026-01-28",0.75021,{"date":418,"score":130,"percentile":419},"2026-01-29",0.75017,{"date":421,"score":130,"percentile":422},"2026-01-30",0.75019,{"date":424,"score":130,"percentile":416},"2026-01-31",{"date":426,"score":253,"percentile":427},"2026-02-01",0.7516,[429,436],{"source":139,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":431,"baseSeverity":432,"vectorString":433,"impactScore":434,"exploitabilityScore":435},4,"MEDIUM","CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",4.5,2.6,{"source":134,"cvss_v2_0":437,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":9},{"baseScore":438,"baseSeverity":9,"vectorString":439,"impactScore":440,"exploitabilityScore":441},3.5,"AV:N/AC:M/Au:S/C:N/I:P/A:N",2.9,6.8,{"baseScore":132,"baseSeverity":432,"vectorString":135,"impactScore":434,"exploitabilityScore":443},4.4,[445,454,460,466,481],{"ecosystem":9,"name":446,"vendor":447,"product":448,"cpe_part":449,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":450},"debian linux","debian","debian_linux","o",[451],{"version":452,"is_range":75,"range_type":453,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":455,"vendor":456,"product":455,"cpe_part":449,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":457},"fedora","fedoraproject",[458],{"version":459,"is_range":75,"range_type":453,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"ecosystem":9,"name":461,"vendor":462,"product":461,"cpe_part":449,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":463},"leap","opensuse",[464],{"version":465,"is_range":75,"range_type":453,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":467,"vendor":468,"product":467,"cpe_part":469,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":470},"actionview","rails","a",[471,476],{"version":472,"is_range":473,"range_type":139,"version_start":9,"version_start_type":9,"version_end":474,"version_end_type":475,"fixed_in":9},"\u003C 5.2.4.2",true,"5.2.4.2","excluding",{"version":477,"is_range":473,"range_type":139,"version_start":478,"version_start_type":479,"version_end":480,"version_end_type":475,"fixed_in":9},">= 6.0.0, \u003C 6.0.2.2","6.0.0","including","6.0.2.2",{"ecosystem":9,"name":467,"vendor":482,"product":467,"cpe_part":469,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":483},"rubyonrails",[484,486],{"version":485,"is_range":473,"range_type":453,"version_start":9,"version_start_type":9,"version_end":474,"version_end_type":475,"fixed_in":9},"lt5.2.4.2",{"version":487,"is_range":473,"range_type":453,"version_start":478,"version_start_type":479,"version_end":480,"version_end_type":475,"fixed_in":9},"gte6.0.0_lt6.0.2.2"]